[ltp] Suspend with crypted swap?

Christopher Singley linux-thinkpad@linux-thinkpad.org
Wed, 5 Sep 2007 09:18:51 -0500


> Debian does handle all this stuff. There is absolutely no need to
> fiddle with customized initramdisks.
Well, I guess "three cheers for Debian", then.

> If you use one dm-crypt container and put lvm on top of it, you will
> have to type your password only once.
I hadn't intended to install LVM, but putting it on top of dm-crypt rather 
than underneath is an interesting idea, thanks.

By utterly unnecessarily fiddling with customized ramdisks, I've set up my 
machine to look for a keyfile on a USB flash device if available, so I don't 
have to type my password at all.  Different strokes for different folks.

> Is there any reason for having / plain but using crypted swap?
I believe people run such a configuration for performance reasons 
(encrypting /home, /var, and so on separately), but that's not what I'm 
doing.  The init script I attached parses out the root argument & uses it to 
set up dm-crypt.

cs

On Wednesday 05 September 2007 08:30:20 Daniel Maier wrote:
> On Tue, Sep 04, 2007 at 02:45:21PM -0500, Christopher Singley wrote:
> > I created the encrypted containers with dm-crypt; I used the same
> > password for both root & swap.  It's very important to use a persistent
> > key for swap, not /dev/random or whatever as many tutorials would have
> > you do.
>
> If you use one dm-crypt container and put lvm on top of it, you will
> have to type your password only once.
>
> > You have to boot with an initramfs that contains dm-crypt, and a script
> > to handle the initial booting.  To do this, I created the /etc/initramfs
> > directory, and inside that created /etc/initramfs/filelist.txt
> > and /etc/initramfs/initscript.sh (which I've attached to this email,
> > including comments indicating the sources from which I stole certain
> > code, so you can check those out yourself too).
>
> Once again:
> Debian does handle all this stuff. There is absolutely no need to
> fiddle with customized initramdisks.
> Just make sure /etc/crypttab matches your configuration and run
> update-initramfs. The generated initrd is able to setup both
> dm-crypt and lvm and also resuming from crypted swap without any
> resume= commandline parameters.
>
> > In my /boot/grub/grub.conf, I pass these arguments to the kernel:
> > kernel /vmlinuz root=/dev/hda6 swap=/dev/hda5 resume2=/dev/mapper/swap
> > video=radeonfb:force_sleep=1
>
> Is there any reason for having / plain but using crypted swap?
>
> Regards, Daniel.



-- 
Christopher Singley, CFA
President, Singley Capital Management, Inc.
tel (713) 459-0881
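
Added example, not part of the original message or its attachment: a shell check for the point in the quoted text about using a persistent key for swap rather than /dev/random. It scans a crypttab-format file for targets keyed from a random device; the function names and the sample entries are assumptions constructed for illustration, with device names taken from the kernel command line quoted above.

```shell
#!/bin/sh
# Added example, not from the thread: report crypttab targets keyed from a
# random device. Such a key changes on every boot, so a hibernation image
# written to that swap device cannot be decrypted on resume.

# check_crypttab FILE
# Prints "<target> <device> <keyfile>" for each random-keyed entry.
# Returns 0 if none, 1 if any were found, 2 if FILE is unreadable.
check_crypttab() {
    file=$1
    [ -r "$file" ] || return 2
    found=0
    # crypttab fields: target, source device, key file, options
    while read -r target device keyfile options || [ -n "$target" ]; do
        case $target in
            ''|'#'*) continue ;;   # skip blank lines and comments
        esac
        case $keyfile in
            /dev/random|/dev/urandom)
                printf '%s %s %s\n' "$target" "$device" "$keyfile"
                found=1 ;;
        esac
    done < "$file"
    return "$found"
}

# demo: run the check on a constructed crypttab (device names follow the
# thread's kernel command line; the entries themselves are made up).
demo() {
    tmp=$(mktemp) || return 2
    cat > "$tmp" <<'EOF'
# <target> <source device> <key file> <options>
root    /dev/hda6   none           luks
swap    /dev/hda5   /dev/urandom   swap
EOF
    check_crypttab "$tmp" && rc=0 || rc=$?
    rm -f "$tmp"
    return "$rc"
}

demo || true   # prints: swap /dev/hda5 /dev/urandom
```

On a real system the function would be pointed at /etc/crypttab; a non-zero exit status of 1 means at least one target will not survive a suspend-to-disk cycle.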